Password Protected Wi-Fi Is Also Prone To Hacks: Study

Cyber threats are one of the most talked about threats of the digital era. Now it has come to light that password-protected Wi-Fi connection can also be trespassed. Researchers Mathy Vanhoef and Frank Piessens from Belgium’s KU Leuven University has come up with a discovery claiming that a flaw in a Wi-Fi security protocol called WPA2 that makes the password protected Wi-Fi connections vulnerable to cyber-attacks.

Researchers tested this vulnerability within an attack and found that the attack “works against all modern protected Wi-Fi networks,” said Vanhoef.

“The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected,” he further writes. “To prevent the attack, users must update affected products as soon as security updates become available.

“Note that if your device supports Wi-Fi, it is most likely affected. During our initial research, we discovered ourselves that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of the attacks. For more information about specific products, consult the database of CERT/CC, or contact your vendor,” he said.

Vanhoef, in his research paper, describes the attack as “exceptionally devastating” against android 6.0. The test attack through which this vulnerability was inspected is called a Key Reinstallation Attack (KRACK).

“Because Android uses wpa_supplicant, Android 6.0 and above also contains this vulnerability. This makes it trivial to intercept and manipulate traffic sent by these Linux and Android devices,” he writes on the Krackattack explaining the loophole. “Note that currently 41% of Android devices are vulnerable to this exceptionally devastating variant of our attack.”

While many believe CIO's role is evolving and that he's occupying a key place in the boardroom, a recent study brings to light that more than half of the CIO, CTO or IT admin staff (55%) are not thanked by colleagues for carrying out essential IT tasks on their behalf.